Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/1d4cfc-8e5c-457c-9620-135c91ec199e/1/d-swVZ6s8_CIyC__i_sA_O1swd8.roa
File:                     d-swVZ6s8_CIyC__i_sA_O1swd8.roa (raw, json)
Hash identifier:          qCypOvLibuKP2E68GRothmm8lo6B/mICB0EA5T+oEpI=
Subject key identifier:   77:EB:30:55:9E:AC:F3:F0:88:C8:2F:FF:8B:FB:00:FC:ED:6C:C1:DF
Certificate issuer:       /CN=a0dbd5d1f86dd9dd66606a14d31d64cb0eaac83b
Certificate serial:       018CC5DCCE5CA62815011C788336E80D5AA7
Authority key identifier: A0:DB:D5:D1:F8:6D:D9:DD:66:60:6A:14:D3:1D:64:CB:0E:AA:C8:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oNvV0fht2d1mYGoU0x1kyw6qyDs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/1d4cfc-8e5c-457c-9620-135c91ec199e/1/d-swVZ6s8_CIyC__i_sA_O1swd8.roa
Signing time:             Mon 01 Jan 2024 16:30:31 +0000
ROA not before:           Mon 01 Jan 2024 16:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.200.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/1d4cfc-8e5c-457c-9620-135c91ec199e/1/oNvV0fht2d1mYGoU0x1kyw6qyDs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/1d4cfc-8e5c-457c-9620-135c91ec199e/1/oNvV0fht2d1mYGoU0x1kyw6qyDs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oNvV0fht2d1mYGoU0x1kyw6qyDs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 19:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:ce:5c:a6:28:15:01:1c:78:83:36:e8:0d:5a:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0dbd5d1f86dd9dd66606a14d31d64cb0eaac83b
        Validity
            Not Before: Jan  1 16:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77eb30559eacf3f088c82fff8bfb00fced6cc1df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:3b:a7:ca:e8:6b:39:5f:3c:5d:23:cd:a9:2e:
                    db:9d:77:96:05:83:13:e5:bc:d8:ba:f8:d9:c2:cd:
                    50:f1:75:7e:68:12:e8:16:18:d2:70:98:4d:a3:5e:
                    8e:2f:30:75:1c:8e:de:d7:ab:43:84:f3:94:34:9a:
                    6e:2d:f1:16:95:4d:f6:94:5c:d2:d9:c3:99:44:31:
                    72:0a:22:2e:c5:a5:3a:86:62:46:c9:58:a7:22:59:
                    df:ee:40:79:4d:42:fe:25:a1:26:86:33:66:12:2e:
                    65:7a:a4:3d:7f:4b:39:3b:79:a7:ba:9d:c8:02:ec:
                    b9:e9:10:3c:b4:8b:44:da:6a:af:02:56:5a:2f:a7:
                    73:5a:97:77:75:bd:ba:31:e1:5f:48:09:a0:f5:f3:
                    18:9b:17:53:3c:72:53:68:26:f4:2a:61:2f:cd:2c:
                    a9:1e:48:e1:91:5a:b8:9a:ae:13:4b:35:38:33:e9:
                    f3:d8:ee:c4:d0:51:23:f7:e3:ca:46:35:c5:87:e5:
                    37:0f:8b:e9:0c:46:77:9a:0b:a6:b7:55:8e:ed:cd:
                    a9:57:20:20:df:68:65:88:7b:c8:a3:32:20:17:09:
                    18:8e:fa:38:06:7a:56:09:99:05:ee:bc:c5:39:91:
                    7b:d2:e9:f3:bc:e0:18:47:e3:11:28:6e:f7:f5:01:
                    77:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:EB:30:55:9E:AC:F3:F0:88:C8:2F:FF:8B:FB:00:FC:ED:6C:C1:DF
            X509v3 Authority Key Identifier:
                keyid:A0:DB:D5:D1:F8:6D:D9:DD:66:60:6A:14:D3:1D:64:CB:0E:AA:C8:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oNvV0fht2d1mYGoU0x1kyw6qyDs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/1d4cfc-8e5c-457c-9620-135c91ec199e/1/d-swVZ6s8_CIyC__i_sA_O1swd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/1d4cfc-8e5c-457c-9620-135c91ec199e/1/oNvV0fht2d1mYGoU0x1kyw6qyDs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.200.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:37:99:24:b9:d9:52:65:da:8f:50:0a:5d:4d:09:21:f6:37:
         ad:87:85:f9:b5:a0:88:6f:36:59:dd:89:6c:65:28:4a:b5:1c:
         ee:13:d3:4b:20:85:16:dc:5f:e0:d6:79:bc:0c:97:c8:1b:d2:
         09:59:82:22:33:d1:45:8e:34:7e:d4:cc:37:64:12:33:4c:c5:
         ee:73:3e:d6:a8:7d:38:27:a1:31:ba:d7:e4:21:98:fb:59:5c:
         f5:07:fc:87:6e:0e:d6:50:27:4b:7a:b0:4f:4f:95:1f:7e:35:
         71:15:0b:d6:3a:5e:cf:84:62:ac:fa:e0:a1:76:6e:ba:14:e9:
         0c:10:6a:fa:fe:66:32:bb:d9:e2:b1:45:e0:e2:34:16:fd:1c:
         c4:00:9b:6f:13:14:55:30:97:60:fe:44:7c:36:02:4e:08:ff:
         79:3a:b5:0f:51:88:c0:f7:e5:0f:2f:ad:d8:d0:98:44:e3:71:
         28:a9:2d:20:8a:57:b9:f6:19:88:13:48:90:2a:bf:02:f2:85:
         70:fe:38:c9:b8:17:b9:06:87:72:18:90:8e:81:e4:88:38:26:
         2f:e3:1c:be:0c:7a:ac:e3:9d:4a:d5:92:18:46:21:5e:d6:b9:
         12:aa:eb:9b:f7:60:db:bb:0a:33:fa:ad:ca:52:5e:e2:70:69:
         05:02:ad:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3M5cpigVARx4gzboDVqnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZGJkNWQxZjg2ZGQ5ZGQ2NjYwNmExNGQzMWQ2NGNiMGVh
YWM4M2IwHhcNMjQwMTAxMTYzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2ViMzA1NTllYWNmM2YwODhjODJmZmY4YmZiMDBmY2VkNmNjMWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDunyuhrOV88XSPNqS7bnXeWBYMT
5bzYuvjZws1Q8XV+aBLoFhjScJhNo16OLzB1HI7e16tDhPOUNJpuLfEWlU32lFzS
2cOZRDFyCiIuxaU6hmJGyVinIlnf7kB5TUL+JaEmhjNmEi5leqQ9f0s5O3mnup3I
Auy56RA8tItE2mqvAlZaL6dzWpd3db26MeFfSAmg9fMYmxdTPHJTaCb0KmEvzSyp
HkjhkVq4mq4TSzU4M+nz2O7E0FEj9+PKRjXFh+U3D4vpDEZ3mgumt1WO7c2pVyAg
32hliHvIozIgFwkYjvo4BnpWCZkF7rzFOZF70unzvOAYR+MRKG739QF3ZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHfrMFWerPPwiMgv/4v7APztbMHfMB8GA1UdIwQY
MBaAFKDb1dH4bdndZmBqFNMdZMsOqsg7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb052VjBmaHQyZDFtWUdvVTB4MWt5dzZxeURzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy8xZDRjZmMtOGU1Yy00NTdjLTk2MjAt
MTM1YzkxZWMxOTllLzEvZC1zd1ZaNnM4X0NJeUNfX2lfc0FfTzFzd2Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy8xZDRjZmMtOGU1Yy00NTdjLTk2MjAtMTM1YzkxZWMxOTll
LzEvb052VjBmaHQyZDFtWUdvVTB4MWt5dzZxeURzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucjSMA0G
CSqGSIb3DQEBCwUAA4IBAQCXN5kkudlSZdqPUApdTQkh9jeth4X5taCIbzZZ3Yls
ZShKtRzuE9NLIIUW3F/g1nm8DJfIG9IJWYIiM9FFjjR+1Mw3ZBIzTMXucz7WqH04
J6ExutfkIZj7WVz1B/yHbg7WUCdLerBPT5UffjVxFQvWOl7PhGKs+uChdm66FOkM
EGr6/mYyu9nisUXg4jQW/RzEAJtvExRVMJdg/kR8NgJOCP95OrUPUYjA9+UPL63Y
0JhE43EoqS0gile59hmIE0iQKr8C8oVw/jjJuBe5BodyGJCOgeSIOCYv4xy+DHqs
451K1ZIYRiFe1rkSquub92Dbuwoz+q3KUl7icGkFAq1I
-----END CERTIFICATE-----